CVE-2023-40592

Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint

CVSS 8.4 HIGHEPSS 0.5%CWE-79

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Productos afectados

Splunk · Splunk Cloud Splunk · Splunk Enterprise

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://advisory.splunk.com/advisories/SVD-2023-0801 https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/